2022-03-17 05:37:08 -04:00
# syntax=docker/dockerfile:1
2021-07-22 08:48:09 -04:00
update to go1.21.4
go1.21.4 (released 2023-11-07) includes security fixes to the path/filepath
package, as well as bug fixes to the linker, the runtime, the compiler, and
the go/types, net/http, and runtime/cgo packages. See the Go 1.21.4 milestone
on our issue tracker for details:
- https://github.com/golang/go/issues?q=milestone%3AGo1.21.4+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.3...go1.21.4
from the security mailing:
[security] Go 1.21.4 and Go 1.20.11 are released
Hello gophers,
We have just released Go versions 1.21.4 and 1.20.11, minor point releases.
These minor releases include 2 security fixes following the security policy:
- path/filepath: recognize `\??\` as a Root Local Device path prefix.
On Windows, a path beginning with `\??\` is a Root Local Device path equivalent
to a path beginning with `\\?\`. Paths with a `\??\` prefix may be used to
access arbitrary locations on the system. For example, the path `\??\c:\x`
is equivalent to the more common path c:\x.
The filepath package did not recognize paths with a `\??\` prefix as special.
Clean could convert a rooted path such as `\a\..\??\b` into
the root local device path `\??\b`. It will now convert this
path into `.\??\b`.
`IsAbs` did not report paths beginning with `\??\` as absolute.
It now does so.
VolumeName now reports the `\??\` prefix as a volume name.
`Join(`\`, `??`, `b`)` could convert a seemingly innocent
sequence of path elements into the root local device path
`\??\b`. It will now convert this to `\.\??\b`.
This is CVE-2023-45283 and https://go.dev/issue/63713.
- path/filepath: recognize device names with trailing spaces and superscripts
The `IsLocal` function did not correctly detect reserved names in some cases:
- reserved names followed by spaces, such as "COM1 ".
- "COM" or "LPT" followed by a superscript 1, 2, or 3.
`IsLocal` now correctly reports these names as non-local.
This is CVE-2023-45284 and https://go.dev/issue/63713.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
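The two path/filepath issues described in the commit message above, as an added Go example that is not part of this repository or of the Go release: a host-independent pre-filter that flags untrusted Windows-style paths which resolve to the `\??` root or contain a reserved device name disguised with trailing spaces or superscript digits. The function names and the reserved-name list (CON, PRN, AUX, NUL, COM1-9, LPT1-9) are assumptions for illustration; the sample paths are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

func isSep(r rune) bool { return r == '\\' || r == '/' }

// reachesRootLocalDevice (hypothetical) is true for `\??\c:\x` and `\a\..\??\b`.
func reachesRootLocalDevice(p string) bool {
	var elems []string
	for _, e := range strings.FieldsFunc(p, isSep) {
		if e == ".." && len(elems) > 0 {
			elems = elems[:len(elems)-1]
		} else if e != "." && e != ".." {
			elems = append(elems, e)
		}
	}
	return p != "" && isSep(rune(p[0])) && len(elems) > 0 && elems[0] == "??"
}

var superscripts = strings.NewReplacer("\u00b9", "1", "\u00b2", "2", "\u00b3", "3")

// isReservedElement ignores trailing spaces and maps superscript digits, as in
// the advisory. The name list is an assumption (the page names only COM and LPT).
func isReservedElement(e string) bool {
	n := strings.ToUpper(superscripts.Replace(strings.TrimRight(e, " ")))
	return n == "CON" || n == "PRN" || n == "AUX" || n == "NUL" ||
		(len(n) == 4 && (n[:3] == "COM" || n[:3] == "LPT") && n[3] >= '1' && n[3] <= '9')
}

// Check returns the reasons a Windows-style path should be rejected.
func Check(p string) (reasons []string) {
	if reachesRootLocalDevice(p) {
		reasons = append(reasons, "root local device prefix")
	}
	for _, e := range strings.FieldsFunc(p, isSep) {
		if isReservedElement(e) {
			reasons = append(reasons, fmt.Sprintf("reserved device name %q", e))
		}
	}
	return reasons
}

func main() {
	for _, p := range []string{`\??\c:\x`, `\a\..\??\b`, `logs\COM1 `, "out\\LPT\u00b2"} { // constructed samples
		fmt.Printf("%q -> %v\n", p, Check(p))
	}
}
```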
2023-11-08 12:39:54 -05:00
ARG GO_VERSION=1.21.4
2023-06-14 07:30:40 -04:00
ARG ALPINE_VERSION=3.17
2019-07-18 05:13:45 -04:00
2023-07-18 18:24:18 -04:00
ARG BUILDX_VERSION=0.11.2
2022-02-03 04:37:55 -05:00
FROM docker/buildx-bin:${BUILDX_VERSION} AS buildx
2022-12-04 08:01:30 -05:00
FROM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS golang
2023-09-26 06:43:38 -04:00
ENV GOTOOLCHAIN=local
ENV CGO_ENABLED=0
2020-08-28 07:12:07 -04:00
Use gofumpt if available, and enable gofumpt linter
gofumpt provides a superset of gofmt / go fmt, but not every developer may have
it installed, so for situations where it's not available, fall back to gofmt.
As our code has been formatted with gofumpt already, in most cases contributions
will follow those formatting rules, but in some cases there may be a difference,
which would already be flagged by manual code review, but let's also enable the
gofumpt linter.
With this change, `make fmt` will use gofumpt if available; gofumpt has been
added to the dev-container, so `make -f docker.Makefile fmt` will always use it.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 07:10:53 -04:00
FROM golang AS gofumpt
ARG GOFUMPT_VERSION=v0.4.0
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=tmpfs,target=/go/src/ \
    GO111MODULE=on go install "mvdan.cc/gofumpt@${GOFUMPT_VERSION}" \
    && gofumpt --version
2020-08-28 07:12:07 -04:00
FROM golang AS gotestsum
2023-06-14 14:57:02 -04:00
ARG GOTESTSUM_VERSION=v1.10.0
2020-08-28 07:20:11 -04:00
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=tmpfs,target=/go/src/ \
2021-07-15 09:15:38 -04:00
    GO111MODULE=on go install gotest.tools/gotestsum@${GOTESTSUM_VERSION}
2020-08-28 07:12:07 -04:00
2021-10-11 10:54:09 -04:00
FROM golang AS goversioninfo
ARG GOVERSIONINFO_VERSION=v1.3.0
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=tmpfs,target=/go/src/ \
    GO111MODULE=on go install github.com/josephspurrier/goversioninfo/cmd/goversioninfo@${GOVERSIONINFO_VERSION}
2020-08-28 07:12:07 -04:00
FROM golang AS dev
RUN apk add --no-cache \
    bash \
    build-base \
    ca-certificates \
    coreutils \
    curl \
2022-04-06 12:54:32 -04:00
    git \
    jq \
    nano
2020-08-28 07:12:07 -04:00
2022-04-06 12:54:32 -04:00
RUN echo -e "\nYou are now in a development container. Run '\e\033[1mmake help\e\033[0m' to learn about\navailable make targets.\n" > /etc/motd \
    && echo -e "cat /etc/motd\nPS1=\"\e[0;32m\u@docker-cli-dev\\$ \e[0m\"" >> /root/.bashrc
2020-08-28 07:19:09 -04:00
CMD bash
2020-08-28 07:12:07 -04:00
ENV DISABLE_WARN_OUTSIDE_CONTAINER=1
ENV PATH=$PATH:/go/src/github.com/docker/cli/build
2023-08-24 19:56:35 -04:00
COPY --link --from=buildx /buildx /usr/libexec/docker/cli-plugins/docker-buildx
COPY --link --from=gofumpt /go/bin/* /go/bin/
COPY --link --from=gotestsum /go/bin/* /go/bin/
COPY --link --from=goversioninfo /go/bin/* /go/bin/
2020-08-28 07:12:07 -04:00
2017-04-18 19:12:24 -04:00
WORKDIR /go/src/github.com/docker/cli
2021-07-15 09:15:38 -04:00
ENV GO111MODULE=auto
2023-08-24 19:56:35 -04:00
COPY --link . .